Zooming into Darknet Threats Targeting Japanese Organizations

Victoria Kivilevich, Threat Intelligence Analyst

In light of rising cyberattacks and ahead of the 2021 Tokyo Games, Japan is investing in cybersecurity efforts, with one of them being the establishment of a government entity dubbed the Digital Agency. The decision follows recent fraud involving Japanese bank accounts linked to cashless payments services, which could be achieved by brute-forcing, using compromised credentials to banking accounts or via other attack vectors. Attacks on the banking infrastructure is just a part of threats targeting Japanese organizations, recently explored by KELA. They include:

  • Leaked data and compromised accounts. KELA detected that data belonging to Japanese corporations, as well as government and educational entities, is actively circulating in the darknet and being demanded by threat actors. This data can be used to gain initial network accesses, i.e. entry points to targeted networks.
  • Initial network accesses. KELA observed several Japanese compromised companies, ranging from corporations to universities, including one Japan ministry target during June-October 2020. These accesses can be leveraged to eventually deploy ransomware.
  • Ransomware incidents. KELA detected at least 11 Japanese victims of ransomware attacks in June-October 2020. The affected companies are from manufacturing, construction and government-related industries, with top victims having around $143 billion, $33 billion and $2 billion yearly revenue.